Renewing Internal Certificates –> The Easy Way

Internal certificates for Exchange expire. End of.

You need to be wary and keep an eye on your Event logs (especially on any Hub Transport or Edge role servers) for the following warning:

Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date: 08/09/2008
Time: 12:24:15
User: N/A
Computer: SERVER
The STARTTLS certificate will expire soon: subject: SERVER.DOMAIN.LOCAL, hours remaining: A41370EEC5510BD5D5F3D1DB4A8D27846F045A2C. Run the New-ExchangeCertificate cmdlet to create a new certificate.

When you get these, it’s easy enough to fix.


Note the services the certificate is enabled for (by default: POP, IMAP, IIS, SMTP on CAS + HT servers). Copy the thumbprint of the certificate, and run the following:


If the certificate is SMTP enabled, you will be prompted with the following message:


Select [Y] for Yes.

Checking the certificates again, you should find the new one installed with a new expiry date (and the old one too):


If you wish to use the certificate for IIS as well, type the following:


OK, last bit. Test that the certificates are working, then remove the old one:


All done.
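
The renewal steps described above, collected into one Exchange Management Shell session. This is an added example, not the original post's commands; the thumbprint value is a placeholder, and the variable names and the check before removal are assumptions made for illustration.

```powershell
# Added example: run in the Exchange Management Shell on the affected server.
# Placeholder: paste the thumbprint of the expiring certificate here.
$oldThumbprint = '<THUMBPRINT-OF-EXPIRING-CERTIFICATE>'

# 1. List every installed certificate with its services and expiry date.
Get-ExchangeCertificate | Format-List Thumbprint, Subject, Services, NotAfter

# 2. Record what the old certificate is enabled for before changing anything.
$old = Get-ExchangeCertificate -Thumbprint $oldThumbprint
"Old certificate: services = $($old.Services), expires = $($old.NotAfter)"

# 3. Clone the old certificate into a new self-signed one.
#    If the old certificate is SMTP enabled, answer Y at the prompt.
Get-ExchangeCertificate -Thumbprint $oldThumbprint | New-ExchangeCertificate

# 4. Find the new certificate: same subject, latest expiry date.
$new = Get-ExchangeCertificate |
    Where-Object { $_.Subject -eq $old.Subject } |
    Sort-Object NotAfter |
    Select-Object -Last 1
"New certificate: $($new.Thumbprint), services = $($new.Services), expires = $($new.NotAfter)"

# 5. Optional: enable the new certificate for IIS as well.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS

# 6. After testing mail flow and client access, remove the old certificate.
#    The guard refuses to delete anything if no newer certificate was found.
if ($new.Thumbprint -ne $oldThumbprint -and $new.NotAfter -gt $old.NotAfter) {
    Remove-ExchangeCertificate -Thumbprint $oldThumbprint
} else {
    Write-Warning 'No newer certificate found for this subject; old certificate kept.'
}
```

Compare the services printed in step 2 with those in step 4 before removing the old certificate, so that no service the old certificate covered is left without one.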

Categories: Exchange 2007